lgoogloader | bc8560177aa43a687207e68c27c1c9378eb6fff83e61d279641c9256d79ea055 | Triage

Sharing

General

Target

bc8560177aa43a687207e68c27c1c9378eb6fff83e61d279641c9256d79ea055
Size

1.5MB
Sample

230107-w8avcsec75
MD5

76f1eb1f2ab9d3b08c64c3e0ad2e5987
SHA1

41de28c9260f6bfe36694dbd4ff34513df76582c
SHA256

bc8560177aa43a687207e68c27c1c9378eb6fff83e61d279641c9256d79ea055
SHA512

4ed5c4623ce914afc17f998a8fa967e162e60e385dc42e776cf7fad2c5d0725b693e5b7edaf32f885ea8e392ea1d69687b91fd40ff481307de8c6bde3e811743
SSDEEP

12288:089OSEq88bJ4hUK30WDUj6JTHUZ5/OJ4KEnYWZqPBCAX2MiFbhhPFfXHHJvR4yJ4:TbKm80C6F07YgVW44hB1iOy

Score

10^/10

lgoogloader downloader persistence

Malware Config

Targets

- Target
  
  bc8560177aa43a687207e68c27c1c9378eb6fff83e61d279641c9256d79ea055
- Size
  
  1.5MB
- MD5
  
  76f1eb1f2ab9d3b08c64c3e0ad2e5987
- SHA1
  
  41de28c9260f6bfe36694dbd4ff34513df76582c
- SHA256
  
  bc8560177aa43a687207e68c27c1c9378eb6fff83e61d279641c9256d79ea055
- SHA512
  
  4ed5c4623ce914afc17f998a8fa967e162e60e385dc42e776cf7fad2c5d0725b693e5b7edaf32f885ea8e392ea1d69687b91fd40ff481307de8c6bde3e811743
- SSDEEP
  
  12288:089OSEq88bJ4hUK30WDUj6JTHUZ5/OJ4KEnYWZqPBCAX2MiFbhhPFfXHHJvR4yJ4:TbKm80C6F07YgVW44hB1iOy
Score

10^/10

lgoogloader downloader persistence
- Detects LgoogLoader payload
- LgoogLoader
  A downloader capable of dropping and executing other malware families.
  downloader lgoogloader
- Sets service image path in registry
  persistence
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lgoogloaderdownloaderpersistence